Amendments to the Claims 

The following listing of claims will replace all prior versions and listings of claims in the 

application. 

Listing of Claims 

1. (currently amended) A method for conducting authenticated business transactions 

involving communications using microprocessor equipped devices to 
communicate over a distributed network, the method being carried out by an on- 
line authentication service available on the distributed network, comprising the 
acts of: 

a) providing an on lin e auth e ntication s e rvic e availabl e on th e distribut e d 
n e twork: enrolling a multiplicity of users with a closed authentication 
infrastructure, wherein enrolling comprises obtaining and verifying the 
identity and other credentials of the multiplicity of users and providing 
each user with a unique secret necessary for later authentication to said on- 
line authentication service and storing the verified identity and other 
credentials in at least one database; 

b) authenticating a plurality of the multiplicity of users to said on-line 
authentication service using a clos e d auth e ntication svst e m each user's 
unique secret to produce a plurality of authenticated users; and 

c) conn e cting enabling a gFOtap -pluralitv of groups each group comprising of 
at least two of said plurality of authenticated users to conduct interactions 
comprising a plurality of messages under persistent mediation of said on- 
line authentication service, producing a conn e ct e d group. such that each of 
the plurality of messages pass through said on-line authentication service 
and is directly monitored by said on-line authentication service. 

2. (currently amended)The method of claim 1 furth e r comprising e nrolling said us e r s to 

said on - lin e auth e ntication s e rvic e prior to auth e nticating said us e rs to said on - lino 
auth e ntication s e rvic e . , further comprising the act of providing each of the at 
least two users in an interaction verified information about each other user in the 
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interaction in an intelligible form before beginning the interaction, whereby each 
user may decide whether to proceed with an interaction based on the verified 
information provided by the on-line authentication service. 

3. (currently amended) The method of claim 1 wherein persistent mediation of said 

connected group an interaction further comprises the acts of directly compiling an 
audit trail of an interaction of said connected group. and making the audit trail 
available to the at least two users in the interaction in an intelligible form at any 
time during the interaction at the option of the at least two users and wherein the 
audit trail com prises at l east some of the content of the plurality of messages in 
the interaction. 

4. (currently amended) The method of claim [[3]]1 wherein the unique secret comprises a 

private encryption key, and said closed authentication syste minfrastructure 
is comprises a pseudo-PKI system of thea type which cryptographically 
camouflages a user's private encryption key in a software containe r, whereby the 
user's camouflaged private key will generate a correct response to an 
authentication challenge if a proper access code is entered, but often generates an 
incorrect but plausible response which if used will provide a notice to the on-line 
authentication service of a security attack on the camouflaged key . 

5. (currently amended) The method of claim 4 wh e r e in th e on lin e s e rvic e is a p e rsist e nt 

auth e ntication and m e diation s e rvic e . , wherein enrolling a multiplicity of users 
further comprises the act of providing each of said multiplicity of users with a 
public key encrypted on a certificate which can only be decrypted using a secret 
key under exclusive control of the on-line authentication service, whereby the 
pseudo-PKI system operates as a closed authentication infrastructure and the on- 
line authentication service is capable of authenticating users without storing a 
cryptographic key of the user other than during the act of authenticating. 
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6. (currently amended) A m e thod for conducting auth e nticat e d bu s in es s transactions 

involving microproc e ssor e quipped devic e s ov e r a distribut e d n e twork, th e 
m e thod comprising th e acts of: 

a) providing an on line authentication s e rvic e availabl e on th e distribut e d 

n e twork; 

b) authenticating a plurality of users to said on lin e auth e ntication s e rvic e 

using a clos e d PKI auth e ntication syst e m to produc e a plurality of 
authenticat e d us e rs; and 

e) conn e cting a group of at l e ast two of said plurality of auth e nticat e d us e rs 

und e r p e rsist e nt m e diation of said on lin e auth e ntication s e rvic e , producing a 
conn e ct e d group. The method of claim 3. further comprising the act of providing a 
discovery portal available to authenticated users through the on-line 
authentication service such that users can search for other users based on their 
verified and dynamically variable credentials, whereby users may conduct 
authenticated interactions with each other without having a prior relationship. 

7. (currently amended) The method of claim 6 . wherein the method further comprises the 

act of enabling the plurality of authenticated users to interact with each other in 
collaboration groups through the on-line authentication service when a 
collaboration group comprises at least two users each using a browser operated 
computing device. furth e r comprising e nrolling said us e rs to said on lin e 
auth e ntication s e rvic e prior to auth e nticating said us e rs to said on lin e 
auth e ntication s e rvic e . 

8. (currently amended) The method of claim 7 wherein the act of enabling the plurality of 

authenticated users to interact with each other in collaboration groups further 
comprises enabling the at least two users in a collaboration group to make a 
selection during the interaction of at least part of the audit trail for archival by the 
on-line authentication service such that it will be held under control of the control 
of the on-line authentication service for access by any of the at least two users in 
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the interaction after the interaction is complete. p e rsist e nt m e diation of said 
connected group compris e s compiling an audit trail of an int e raction of said 
connected group. 

9. (currently amended)The method of clai m 6. further comprising the act of accepting 

dynamically variable credentials from at least some of the plurality of 
authenticated users, and wherein the act of providing a discovery portal further 
comprises the act of providing the plurality of users with the capability of 
searching for other users based on dynamically variable credentials. 7 wh e r e in 
said closed PKI auth e ntication syst e m is a ps e udo PKI syst e m of th e typ e which 
cryptographically camouflag e s a us e r's privat e k e y in a softwar e contain e r. 

10. (currently amended)The method of claim [[9]] 7. wherein the collaboration group 

comprising at least two users each using a browser operated computing devise 
comprises greater than two users each using a browser operated computer device. 
wh e r e in th e on lin e s e rvic e is a p e rsist e nt auth e ntication and m e diation s e rvic e . 

11. (currently amended) A method for conducting authenticated business transactions 

involving communications using microprocessor equipped devices to 
communicate over a distributed network, the method being carried out by an on- 
line persistent authentication and mediation service available on the distributed 
network, comprising the acts of: 

a) providing a p e rsist e nt auth e ntication and mediation service as an on - lin e 

servic e on th e distribut e d n e twork; 

{[b]]a) enrolling users seeking enrollment in the persistent authentication and 
mediation service, to produce a plurality m ultiplicitv of enrolled users, 
wherein enrolling comprises obtaining and verifying the identity and other 
credentials of the multiplicity of users and providing each user with a 
unique secret necessary for later authentication to said on-line persistent 
authentication and mediation service : 
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b) storing the verified identity and other credentials in at-least one database; 

c) receiving on-line requests from enrolled users for authentication to the 
persist e nt on-line authentication and m e diation service; 

d) authenticating enrolled users seeking authentication to the persistent 
authentication and mediation service using a clos e d PKI auth e ntication 
syste meach enrolled user's unique secret, so as to maintain a plurality of 
authenticated users ; 

e) receiving requests from authenticated users to be connected to particular 
other authenticated users; 

f) connecting groups of at least two authenticated users under persistent 
mediation of the persistent authentication and mediation service so that 
and enabling the at least two authenticated user s which are connected ean 
to conduct an interaction comprising a plurality of messages ; 

g) repeating act (f) to produce a plurality of groups of connected users; and 

h) mediating the interaction among the at least two users of each of said 
plurality of groups of connected users aft e r conn e ction, wh e r e in th e act of 
m e diating th e int e raction comprises th e acts of providing auth e nticat e d 
id e ntity information to th e int e raction such that each message in the 
interaction passes through the persistent authentication and mediation 
service; and 

i) directly compiling an audit trail of the interaction and making information 

from the audit trail available to the at least two users of each group of connected 
users during the interaction in an intelligible form wherein the audit trail contains 
at least some of the content of the plurality of messages in the interaction . 

12. (currently amended)The method of claim 1 1 wherein the act of enrolling users 
seeking enrollment in the persistent authentication and mediation service 
comprises the acts of: 

a) distributing software to a user seeking enrollment which enables 

microprocessor equipped devices operated by the user seeking enrollment 
to interact with said persistent authentication and mediation service, 



6 



b) generating a unique private key, and a unique public key for the user 
seeking enrollment, 

c) obtaining permanent credentials particular to each of the user seeking 
enrollment, said credentials comprising public permanent credentials and 
secret permanent credentials, 

d) deciding whether to approve the applicant seeking enrollment[[;]] a 

e) distributing the unique secret comprising the unique private key in the 
form of a camouflaged private encryption key p ublic k e y and the uniqu e 
privat e k e y to the user seeking enrollment if the user seeking enrollment is 
approved, wherein the camouflaged private encryption key is camouflaged 
in a software container, whereby the user's camouflaged private 
encryption key will generate a correct response to an authentication 
challenge if a proper access code is entered, but often generates an 
incorrect but plausible response if an improper access code is entered, 
whereby if an incorrect response is used notice will be provided to the on- 
line persistent authentication and mediation service of a security attack, 

f) distributing the unique public key to the user, wherein said unique public 
key is in a form which can only be decrypted with a key held under 
exclusive control of the persistent authentication and mediation service, 
whereby the persistent authentication and mediation service acts as a 
closed authentication infrastructure; 

[[f)]]g) storing said permanent credentials in a customer database, said customer 
database being accessible to said persistent authentication and mediation 
service, whereby the user seeking enrollment becomes one of said 
multiplicity of enrolled users, and 

[[g]]h) repeating steps (a) through [[(f)]](g) for each applicant seeking enrollment. 

13. (currently amended)The method of claim 12 wherein the act of authenticating 

enrolled users seeking authentication to the common authenticatin g persistent 
authentication and mediation service comprises the acts of: 
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a) generating a challenge message from the p e rsist e nt auth e ntication and 
m e diation s e rvic e and sending it over the public network to an enrolled 
user seeking authentication, 

b) receiving a response to the challenge from the user seeking authentication, 
said response comprising an encrypted message and the encrypted unique 
public key uniqu e too f the enrolled user seeking authentication, 

c) verifying the authenticity of the response to the challenge, the act of 
verifying the authenticity comprising the act of decrypting the unique 
public key and then decrypting the response using the unique public key 
uniqu e to of the enrolled user seeking authentication to produce a 
decrypted response, 

d) authenticating the enrolled user seeking authentication if the decrypted 
response indicates that the response was authentic, whereby the enrolled 
user seeking authentication becomes an authenticated user, 

e) rejecting the user if the decrypted response indicates that the response was 
not authentic, and 

f) repeating steps (a) through (e) for each enrolled user seeking 
authentication. 

(currently amended)The method of claim 1 [[3]]I further comprising the acts of: 

a) allowing authenticated users to optionally submit variable credentials; 

b) receiving variable credentials submitted by authenticated users; 

c) storing the variable credentials in the customer database according to user; 

d) providing authenticated users discovery software, whereby authenticated 
users may dynamically discover enrolled users according to search 
criteria. 

e) granting authenticated users access to search the public permanent 
credentials and the variable credentials in the customer database, using said 
discovery software. 
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15. (original)The method of claim 14 further comprising making available collaboration 

software to each of said plurality of groups of connected users is to facilitate 
communication among the at least two authenticated users of each group, wherein 
said collaboration software makes information from the audit trail available to 
each of said at least two authenticated users of each of said plurality of groups of 
connected users. 

16. (currently amended)The method of claim 15 wherein: 

a) the softwar e PKI auth e ntication syst e m i s a ps e udo PKI syst e m of th e typ e 
unique secret comprises a w hich cryptographically camouflage[[s]]d 
private key th e unique privat e k e ys in a software container, 

b) wherein the unique public keys is encrypted in a form recognizabl e to with 
a key held under exclusive control of the common persistent 
authentication and mediation service agent and stored in a digital 
certificate, 

c) wherein the act of authenticating an enrolled user to the common 
authenticating service further comprises the act of decrypting the encrypted 
unique public key unique to the enrolled user prior to decrypting the response. 

17. (original)The method of claim 14 wherein the persistent authentication and mediation 

service is provided by at least one host site connected to the distributed network, 
said at least one host site comprising at least one computer server operated by an 
open software platform providing intelligent interactions, wherein the operation 
the persistent authentication and mediation service is implemented by software 
operating on the open software platform. 

18. (original)The method of claim 17 wherein interactions between users and the 

persistent authentication and mediation service are mediated through the open 
software platform. 
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19. (original)The method of claim 18 wherein some of the plurality of groups of 

connected users comprise at least three authenticated users. 

20. (original)The method of claim 19 wherein some of the plurality of groups of at least 

three connected users comprise users of different types. 

21. (original)The method of claim 18 wherein the distributed network is the public 
Internet. 

22. (original)An online service for conducting business transactions among 

microprocessor equipped devices over a distributed network, the online service 
comprising: 

a) a host site connected to the network, the host site comprising an open 
software platform providing intelligent interactions; 

b) a persistent authentication and mediation service, the persistent 
authentication and mediation service comprising a software PKI 
authentication agent operating on said open software platform such that 
communications over the network by said persistent authentication and 
mediation service are mediated by said open software platform; 

c) a customer database comprising permanent credentials and dynamically 
variable information corresponding to users of the online service and a 
database manager for managing the customer database; 

d) software operating on said open software platform which performs at least 
the following functions: 

i) enrolling users seeking enrollment in the persistent authentication 
and mediation service to produce enrolled users, 

ii) storing credentials corresponding to enrolled users in the customer 
data base, 

iii) authenticating enrolled users seeking authentication to the 
persistent authentication and mediation service to produce 
authenticated users, 
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iv) allowing a authenticated users to discover enrolled users according 
to search criteria, 

v) allowing authenticated users to be connected under mediation of 
the persistent authentication and mediation service through the 
open software platform, 

vi) allowing collaboration between authenticated users which have 
been connected, and 

vii) memorializing transactions between authenticated users. 

23. (original)The online service defined in claim 22 where the function of enrolling users 
seeking enrollment in the persistent authentication and mediation service 
comprises the functions of: 

a) distributing software to a user seeking enrollment which enables 
microprocessor equipped devices operated by the user seeking enrollment 
to interact with the persistent authentication and mediation service, 

b) generating a unique private key, and a unique public key for the user 
seeking enrollment, 

c) obtaining permanent credentials particular to each of the user seeking 
enrollment, said credentials comprising public permanent credentials and 
secret permanent credentials, 

d) deciding whether to approve the applicant seeking enrollment; 

e) distributing the unique public key and the unique private key to the user 
seeking enrollment if the user seeking enrollment is approved, and 

f) storing said permanent credentials in a customer database, said customer 
database being accessible to said persistent authentication and mediation 
service, whereby the user seeking enrollment becomes one of said 
multiplicity of enrolled users, and 

g) repeating steps (a) through (f) for each applicant seeking enrollment. 
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24. (original)The online service defined in claim 23 wherein the function of 

authenticating enrolled users seeking authentication to the persistent 
authentication and mediation service comprises the functions of: 

a) generating a challenge message from the persistent authentication and 
mediation service and sending it over the public network to an enrolled 
user seeking authentication, 

b) receiving a response to the challenge from the user seeking authentication, 
said response comprising an encrypted message and the unique public key 
unique to the enrolled user seeking authentication, 

c) verifying the authenticity of the response to the challenge, the act of 
verifying the authenticity comprising the act of decrypting the response 
using the public key unique to the enrolled user seeking authentication to 
produce a decrypted response, 

d) authenticating the enrolled user seeking authentication if the decrypted 
response indicates that the response was authentic, whereby the enrolled 
user seeking authentication becomes an authenticated user, 

e) rejecting the user if the decrypted response indicates that the response was 
not authentic, and 

f) repeating steps (a) through (e) for each enrolled user seeking 
authentication. 

25. (currently amended)The online service defined in claim 24 wherein: 

a) the software PKI authentication agent is a pseudo-PKI system of the type 
which cryptographically camouflages each of the unique private keys in a 
software container, 

b) wherein each of the unique public keys is encrypted in a form 
recognizable to the common pseudo-PKI authentication agent and stored 
in a digital certificate, 

c) wherein the function of authenticating an enrolled user to the 
commo np ersistent authenticati[[ng]] on and mediation service further 
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comprises the function of decrypting the encrypted unique public key 
unique to the enrolled user prior to decrypting the response. 

26. (currently amended)The online service defined in claim 2[[5]]2 wherein the 

distributed network is the public Internet. 

27. (currently amended)A system for conducting business transactions over a distributed 

network, the system comprising: 

a) a persistent authentication and mediation service site providing a 

persistent authentication and mediation service, said site connected to the 
public network, said site comprising 

i) an open software platform application providing intelligent 
interactions said platform application mediating all interactions of 
said persistent authentication and mediation service site via said 
public network, 

ii) an_authentication agent application comprising a software pseudo- 
PKI authentication application operating on said open software 
platform application, said common authentication agent 
application comprising software which enrolls new businesses 
users producing enrolled users and authenticates the enrolled users 
producing authenticated business users , 

iii) an audit agent application operating on said open software 
platform which logs and monitors interactions mediated by the 
open software platform, whereby every interaction among 
authenticated business users passes through the open software 
platform and is monitored by the audit agent, 

iv) a discovery software application operating on said open software 
platfor m such that said discovery software agent operates to enable 
authenticated business users to search for other users based on their 
credentials , and 
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v) a collaboration software application operating on said open 

software wherein said collaboration software application enables 
groups of at least two authenticated business users to communicate 
under direct mediation of the audit agent and to access audit 
information in an intelligible form during an interaction. 

b) a multiplicity of user sites operated by the enrolled users, the user sites 
being connected to the public network, each site operating at least one 
computer application whereby it may interact with other business users 
and each site further comprising software which allows interaction with 
the persistent authentication and mediation service, a software 
camouflaged private key, and a digital certificate, said digital certificate 
comprising an encrypted pseudo-public key r e cognizabl e encrvpted with a 
key which is under exclusive control of te-said persistent authentication 
and mediation service , wherein said camouflaged private key will generate 
a proper response to a challenge from the persistent authentication and 
mediation service if a correct access code is entered and may generate 
plausible but improper responses if incorrect access codes are entered, 
whereby if an incorrect response is used the persistent authentication and 
mediation service will be alerted to a security attack on the camouflaged 
private key ; and 

c) a database of authentication information and credentials pertaining to the 
enrolled business users of said persistent authentication and mediation 
service, the database accessible to the common authentication agent 
application and the discovery application . 



28.(original)The system defined in claim 27 further comprising a plurality of 

authentication provider applications accessible by the authentication agent 
application. 
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29. (currently amended)The system defined in claim 2[[8]]7 wherein at least one 
authentication provider application is located at a different site than the persistent 
authentication and mediation service site. 

30. (currently amended)The system defined in claim 2[[8]]7 further comprising a 
plurality of audit provider applications accessible by the audit agent application. 

31. (currently amended)The system defined in claim 2 [[9]] 7 wherein at least one 
authentication application provider is located at a different site than the persistent 
authentication and mediation service site. 

32. Cancelled. 

33. (currently amended)The system defined in claim [[31]]27 wherein the network is the 

public Internet. 

34. (currently amended)The system defined in claim [[33]]27, wherein the user sites 

comprise sites which are chosen from the group consisting of user sites which 
access the network via a browser operating on a computer, mobile telephonic 
devices which access the network, world wide web sites, and sites comprising 
applications without a user interface. 

3 5. (original) An apparatus for providing a service for conducting authenticated business 

transactions involving a multiplicity of users over a distributed network, the 
apparatus comprising: 

a) at least one application server connected to the public network, the at least 
one application server having a computer processor and a computer 
readable memory, the memory storing the software to implement the 
service, the software comprising 

i) an open software platform providing intelligent interactions, 
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ii) a software pseudo-PKI authentication agent application, operating 
on said open software platform, 

iii) a discovery software application, operating on said open software 
platform, and 

iv) a collaboration software application, operating on said open 
software platform,; 

b) at least one database server, the at least one database server comprising a 
business users database, the business users database comprising 

i) authenticated data about registered business users, said 
authenticated data being protected from user modification; 

ii) data pertaining to registered business users which is dynamically 
modifiable by said business users; and 

iii) data needed for linking business users; 

whereby the application server facilitates authenticated interactions 
between business users, including the ability to access other authenticated 
users without repeated logging in, the ability to dynamically search for 
authenticated users according to user defined specifications, and 
accomplish peer to peer collaboration. 
36. (currently amended)[[An]]The apparatus as defined in claim 35 where the distributed 
network is the Internet. 
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